One of the things we at Cisco try to do is reach out to those studying infosec and wanting to make a career in security. At BlackHat Cisco had a contest where the winner got a Pwnie Express PWN Phone, effectively a modified Nokia N900 with some pentesting software loaded. A group of guys, volunteers with the show from an IT school, were fascinated by the PWN Phone – possibly because in their circle a couple of them had Nokia N900s, a device relatively unknown in North America but somewhat popular in certain hacking circles due to the fact that its OS is Linux-based and thus can be made to run things like metasploit (like the PWN Phone does).

When talking about vulnerabilities, the Cisco PSIRT has probably seen it all. Vulnerabilities that can be exploited over the network, vulnerabilities that need local access, and vulnerabilities that need physical access. Vulnerabilities that affect integrity, confidentiality, and availability. Vulnerabilities at the operating system level, at the application level, or at the protocol level. Hands down, the most time consuming and complex to handle are those involving a protocol – we need to investigate each and every Cisco product that implements the affected protocol. And if the vulnerability is in, say, IPv4… the investigation will require significant time and resources.

But there is one kind of report that makes the heart of any PSIRT Incident Manager sink – an email from a customer asking “How do I fix these vulnerabilities?”. And attached to the email – a report from a vulnerability scanner.

Simple Network Management Protocol (SNMP) is part of IETF’s Internet Protocol Suite that consists of four abstraction layers and defines a set of protocols used on the Internet. SNMP is mainly used for management and monitoring of networked devices. It can inform about the health of a network device or other reflections of its state (interfaces, IP addresses, traffic and more). SNMP is defined as part of IETF RFC 1157. For its function, it leverages Management Information Bases (MIBs), which define the structure of device information maintained. They represent a hierarchical namespace containing object identifiers (OIDs). Each OID identifies an object that holds the information of interest and can be polled or set via SNMP.

The web, which for many people is more like the internet than a service that runs over the internet, has brought profound changes. While opening a great number of doors and creating opportunities that otherwise might not exist), the web also creates exposure and opportunities for those who would do bad things.

One of the challenges that IT and security professionals constantly face is finding the right balace between access and flexibility on one side and security on the other. The perfectly locked down, 100% airgapped network may be secure, but such an island would be less than useful for most organizations.

It’s no secret that network threats have grown significantly over the past several years – in number, as well as complexity. This growth continues to place an overwhelming burden on IT resources, who have to combat these threats on a daily basis. These guys already have a rough job of just keeping up with the sheer volume and variety of threats … but also making them go through multiple hoops and internal approvals to procure and piece together the solution from different vendors is enough to push a lot of folks over the proverbial edge!

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.